last sync: 2022-Jul-01 16:32:34 UTC

Azure Policy definition

Azure Key Vault Managed HSM should have purge protection enabled

Name Azure Key Vault Managed HSM should have purge protection enabled
Id c39ba22d-4428-4149-b981-70acb31fc383
Version 1.0.0
Category Key Vault
Description Malicious deletion of an Azure Key Vault Managed HSM can lead to permanent data loss. A malicious insider in your organization can potentially delete and purge Azure Key Vault Managed HSM. Purge protection protects you from insider attacks by enforcing a mandatory retention period for soft deleted Azure Key Vault Managed HSM. No one inside your organization or Microsoft will be able to purge your Azure Key Vault Managed HSM during the soft delete retention period.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
Rule Aliases IF (2)
| Alias | Namespace | ResourceType | DefaultPath | Modifiable |
| --- | --- | --- | --- | --- |
| Microsoft.KeyVault/managedHsms/enablePurgeProtection | Microsoft.KeyVault | managedHSMs | properties.enablePurgeProtection | true |
| Microsoft.KeyVault/managedHsms/enableSoftDelete | Microsoft.KeyVault | managedHSMs | properties.enableSoftDelete | false |
Rule ResourceTypes IF (1)
Microsoft.KeyVault/managedHsms
History
| Date/Time (UTC ymd) | Change type | Change detail |
| --- | --- | --- |
| 2021-02-17 14:28:42 | add | c39ba22d-4428-4149-b981-70acb31fc383 |
Used in Initiatives
| Initiative DisplayName | Initiative Id | Initiative Category | State | Type |
| --- | --- | --- | --- | --- |
| [Preview]: New Zealand ISM Restricted v3.5 | 93d2179e-3068-c82f-2428-d614ae836a04 | Regulatory Compliance | Preview | BuiltIn |
| [Preview]: RMIT Malaysia | 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 | Regulatory Compliance | Preview | BuiltIn |
| CIS Microsoft Azure Foundations Benchmark v1.1.0 | 1a5bb27d-173f-493e-9568-eb56638dde4d | Regulatory Compliance | GA | BuiltIn |
| HITRUST/HIPAA | a169a624-5599-4385-a696-c8d643089fab | Regulatory Compliance | GA | BuiltIn |
| New Zealand ISM Restricted | d1a462af-7e6d-4901-98ac-61570b4ed22a | Regulatory Compliance | GA | BuiltIn |